[eluser]Haloperidol[/eluser]
you could use the built in session library in codeigniter and you dont have to worry about managing the cookies altogether. this would be and example:
first, if you plan to use sessions you would auto-load it in the system/application/config/autoload.php:
Code:
$autoload['libraries'] = array('session');
in a controller, lets name it user.php:
Code:
...
function login()
{
$this->load->model('User_model'); // load the model that does the actual sql query
$user_data = $this->User_model->user_registered(); // store its return data in a variable
if ($user_data != FALSE) { // check if the model function returned false
$this->session->set_userdata('logged_in','true'); // store whatever you want in session vars...
$this->session->set_userdata('user_id',$user_data->id);
$this->session->set_userdata('user_nick',$user_data->nick_name);
$this->session->set_userdata('user_role',$user_data->role);
redirect('to_whatever_page_if_successful', 'refresh');
} else {
$this->session->unset_userdata(); // just to be sure
$this->session->set_flashdata('login_error', 'true'); // or you can use the form helpers
redirect('back_to_login_page', 'refresh');
}
}
...
in the model User_model.php, the corresponting function would be:
Code:
...
function user_registered()
{
$query = $this->db->query("SELECT * from users where nick_name = ".$this->db->escape($this->input->post('nick_name'))." AND password = ".$this->db->escape($this->input->post('password'))." limit 1");
if ($query->num_rows() > 0) {
return $query->row();
} else {
return FALSE;
}
}
...
in this case only a session id will be set in the cookie (right when the user loads any of your pages for the first time) and if the login is valid, you can access the session variables anywhere in this fashion:
Code:
$user_nick = $this->session->userdata('nick_name');
and if you want to log out the user, youd do this in your user controller:
Code:
...
$this->session->sess_destroy(); // will destroy all the stored session variables for this user
...
btw, set_userdata('whatever') will set a session variable that can be accessed as long as the session is alive, and set_flashdata('whatever') will set a session variable only for the next pageload and then it gets destroyed (good for temporary stuff like validation errors).